General

  • Target

    IMG-07072020.exe

  • Size

    858KB

  • Sample

    200707-v5y8n9kqea

  • MD5

    2cf6e0df55846c81ee2f985fbfb6ebf6

  • SHA1

    9cbc8b1dc3480ee5a1df5aa81a24f22225137309

  • SHA256

    d2f4642282933b92336508b254613f20a9db1f8a443669f56f6c354d8b319e1e

  • SHA512

    b962604fd3db93914e1760e94129ca6531591e89f6695382275332ebf1297eadde470664c710afd9c0a1c19413ab93eefe115f0359c758899df0703ef1472e71

Malware Config

Targets

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Adds Run entry to start application

    • Checks whether UAC is enabled

    • Modifies system certificate store

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks